Software encryption and decryption method and system based on virtual environment

Abstract

The invention relates to the technical field of communication, in particular to a software encryption and decryption method and system based on a virtual environment, and the method comprises the following steps: S1, completing the preliminary classification and recombination of data on all external interfaces in a user mode through DPDK according to the protocol type of an IP message, and separating the signaling data from the service data according to an analysis result; s2, sending the signaling data to a user state through an inner core so as to complete signaling interaction of IPSec and SA negotiation and link establishment of IPSec; s3, in a user mode, extracting Sa/Sp/Route information of a link through a Netlink interface and a PF_KEY interface mirror image, and performing link information configuration; and S4, finally, performing encryption and decryption processing and routing forwarding on the service data according to the data flow direction in the user mode. According to the invention, the system processing capability of IPSec is greatly improved, high-performance IPSec data processing is realized, and the cloud virtualization trend of IPSec processing is satisfied.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a software encryption and decryption method and system based on a virtual environment. Background technique [0002] "Internet Protocol Security (IPSec)" is an end-to-end mechanism designed by IETF to ensure the security of IP layer communication, and it is an open framework structure. The IPSec protocol is not a separate protocol. It provides a complete set of architecture for network data security on the IP layer, including the network authentication protocol AH (Authentication Header, authentication header), ESP (Encapsulating Security Payload, encapsulating security load), IKE (Internet Key Exchange, Internet Key Exchange) and some algorithms for network authentication and encryption, etc. Among them, the AH protocol and the ESP protocol are used to provide security services, and the IKE protocol is used for key exchange. The IKE protocol is an application layer prot...

AI Technical Summary

Problems solved by technology

The comprehensive cost is relatively high, and the configuration is also inflexible. It cannot meet the principle of irrelevance of encryption and decryption protocol algorithms and cannot realize virtual cloud processing.

The Intel® QuickAssist Technology protocol processing solution can realize the encryption and decryption processing of the server, and can also pass through the device to the virtual device, but the corresponding cost is relatively high, and the technical design of the software and hardware is also relatively complicated

[0005] To sum up, the existing technology has the following disadvantages: (1) High-performance data encryption and decryption processing requires the cooperation of dedicated hardware equipment, high implementation costs, and inflexible configuration

(2) The scalability of dedicated hardware is poor, and the implementation cycle is long

(3) The processing efficiency of the kernel software is low, and the processing of large-scale encryption and decryption data is not timely, and the delay is relatively large

[0006] That is to say, the current operating system cannot meet the encryption and decryption requirements of large-flow data; the dedicated encryption and decryption hardware cannot meet the virtualization requirements; the cost of coprocessor hardware equipment is high and the technology is complex

Images